iptables

  1. Hetzner 1 IP - proxmox - CT All work but can't NAT to my CT

    Hello, I have problems doing a NAT. I have a dedicated Hetzner with only 1 public IP. Install Proxmox and create a vmbr0 with the data of the public IP, then create a vmbr1 with the IP 192.168.10.1. Then create my CT with the IP 192.168.10.100. Install a web server in my CT, and on my private...
  2. Iptables inside LXC container not blocking anything

    I've been hitting my head against the brick wall that is iptables inside a Debian 11.3 container in Proxmox. I cannot seem to get it to block anything, and there seem to be some contradicting discussions about whether iptables should even work inside LXC. I do use the Proxmox firewall as well, and it is...
  3. Iptables-Prerouting everything with some exceptions

    Hi, I'm trying to achieve the following: I want everything that comes in with the TCP protocol to be NATed to 10.10.100.1 except: - Source IP 100.100.100.1 to destination port 22, 8006 - Source IP 100.100.100.2 to destination port 22, 8006 - Source IP 100.100.100.3 to destination port 22, 8006 -...
  4. Loading custom iptables rule on startup with post-up fails

    Hello everyone, I have a custom firewall rule for a few VMs that I can't enter in the GUI. The most elegant way would be to load it directly at startup by "post-up" in the /etc/network/interfaces file. The rule looks like this: ip6tables --insert tap181i0-IN -m mac ! --mac-source...
  5. Proxmox FW needed or not with an OPNsense VM?

    Hello everyone, I'm trying to make my own router/firewall with OPNsense as a VM in Proxmox. What's not clear to me is if I can let OPNsense connect to the internet directly, or if that puts Proxmox at risk and thus I should add the Proxmox Firewall to be safe? In both cases Proxmox will be...
  6. Iptables chains and tables traversal

    Hi, I'm trying to learn a bit more in-depth about networking in Proxmox in order to diagnose some connection issues I'm having. I thought I would just get confirmation of how I believe packets are processed when sent to a container or VM. Say I have a host with a single public IP and some guests. I...
  7. iptables 1:1 NAT for 2 IPs one NIC

    Hello guys, as I'm having a pretty tough time getting one of the services (BigBlueButton) to work, I would like to try the deployment with a 1:1 NAT in iptables. Long story short, I have a virtualised OPNsense/pfSense, tried really everything in there (1:1 NAT), port forwardings, different reverse...
  8. Homelab: can't ping VMs behind Router VM

    This is my 4th try after getting no responses from Stack Exchange sites [1, 2, 3] and I've been fighting with this issue for ~2 weeks. I really hope someone can help me with this issue. --- I have a setup like this (this diagram is also available here): I'm running a single PVE host in my...
  9. Can forward NFS traffic fine, except from Proxmox and its VMs

    Hello. I have a NAS directly connected to my Proxmox machine, which forwards all NFS traffic via iptables to the NAS (I can't directly connect the NAS per our system policy). I can connect to the NFS share from every other machine on our network but not from Proxmox or the VMs running on it...
  10. [SOLVED] PVEFW Logs with custom rules

    Hi, I'm not sure if I asked the question already, checked but cannot find in my posts. Basically I have some custom iptables rules per VM/adapter and I do logging. These logs go into the main node logs instead of the VM Firewall logs. /sbin/iptables -N ... /sbin/iptables -A ... -m limit...
  11. How to enable loopback (hairpin) NAT so that a container can reach another container via PVE public IP?

    Preface: Hi together, this thread is highly connected to the issue I explained here: Connected issue. I think it has the same root cause, but since I got no answer there I tried to narrow down the problem and reframe it. So now I have a different symptom that is based on a more "common" scenario, that...
  12. Use PVE node's external IP address to reach service of an internal network via DNAT

    Hi everybody, I am struggling with a problem where I did not figure out yet if it is a "basic" networking problem or something that has to do with my SDN configuration. The setup is the following: I have two VEs (192.168.2.10 and .11) coupled as a cluster. Within this cluster there is an...
  13. Port Forwarding

    I am trying to port forward HTTP:80 to IP: 24.12.3.250. I can access my website from 24.12.4.250 since it is on the internal network shown below, but when it's time to access it from outside the private network I can't access it. (The unnamed router at the top is my home network with the subnet...
  14. Proxmox cluster iptables nat rules when using vpn

    Hello, I'm experiencing a pretty strange connection issue when connected to the second VPN VM (wireguard). I have two Proxmox nodes; each has a VM with wireguard, a VM with a DNS server, and a VM with traefik proxy, and both nodes have the same etc/network/interfaces files. Both wireguard VMs are...
  15. Iptables NAT not working from vmbr with bridged port

    This is my current network setup on host one (vm01). I have a public network available over vmbr0 and a private network connected to a nic over vmbr1 (used for cluster traffic and VM private network via a vlan). Now I want to NAT the vlan onto vmbr0 so that the vms can have limited internet...
  16. *duplicate* Iptables NAT not working for vmbr with a bridged port

    I have the current setup, which after two days of trying should be correct. I can't get the iptables nat config to redirect traffic from either my vlan or the interface vmbr1 at all. At this point I can't see any other option... auto lo iface lo inet loopback iface enp2s0f0 inet manual iface...
  17. status update error: iptables_restore_cmdlist

    I don't know when this issue started, but I have IPv6 disabled via grub by using "ipv6.disable=1" on GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub. My syslog is being flooded with the following messages: Nov 19 10:53:24 pve pve-firewall[1053]: status update error: iptables_restore_cmdlist...
  18. PVEFW NFLOG with custom rules

    Hi, I have created my own LOG chains for specific rules added for each guest. My first question is how I can log to a separate log file per guest like PVEFW does. Currently all logs go into the node's firewall log. Second question is, how can I format the log output to be similar to PVEFW? At...
  19. Guest iptables rules

    I'm trying to add some custom iptables rules (like connlimit) for guest machines. An example rule is: -A tap101i0-IN -p tcp -m connlimit --connlimit-above 30 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with tcp-reset As seen, tap101i0 is the VM 101 adapter. The rule has no effect, I...
  20. Using iptables-persistent for custom rules

    I'm having a really hard time trying to add and keep some custom iptables rules. Reading across several threads, iptables-persistent came to light. With that being said, I have installed it with apt-get install -y iptables-persistent and all the rules got saved into the corresponding files...